// Copyright 2011 The Apache Software Foundation
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package org.apache.tapestry5.csrfprotection.mixins;

import org.apache.tapestry5.MarkupWriter;
import org.apache.tapestry5.annotations.InjectContainer;
import org.apache.tapestry5.annotations.SessionState;
import org.apache.tapestry5.csrfprotection.CsrfProtectable;
import org.apache.tapestry5.csrfprotection.CsrfTokenProvider;
import org.apache.tapestry5.ioc.annotations.Inject;
import org.apache.tapestry5.services.javascript.JavaScriptSupport;
import org.slf4j.Logger;

/**
 * This mixin, if applied, calls the insertCSRFToken method of the component in the afertRender render phase.
 * The insertCSRFToken method is added to all components through the {@link org.apache.tapestry5.csrfprotection.CsrfProtectionClassTransformWorker}.
 * It may be overridden by a custom implementation directly in the component.
 */
public class CsrfProtected {
	@InjectContainer
	private Object container;
		
	@SessionState(create=true)
	private CsrfTokenProvider tokenProvider;
		
	@Inject
	private Logger logger;
	
	@Inject
	private JavaScriptSupport javaScriptSupport;
	
	void cleanupRender(MarkupWriter writer){
		logger.debug("CSRF protection active.");
		if(container instanceof CsrfProtectable){	
			logger.debug("Component is CSRF protectable - inserting Anti-CSRF token.");
			((CsrfProtectable) container).insertCSRFToken(writer,tokenProvider.getSessionToken());
			
		}
	}	
}
